This week we worked on a customer case where the computer was being reported as vulnerable by the Microsoft Baseline Security Analyzer tool (MBSA 2.2).

Issue Description:

The MBSA 2.2 scanning tool keeps reoffering KB2538243, even though it has already been installed on the machine.

Cause:

We worked on the computer and found that the Visual C++ security update KB2538243, provided as part of Security Bulletin MS11-025, was being reoffered.

Security Bulletin page: http://technet.microsoft.com/en-us/security/bulletin/ms11-025

KB describing the file versions: http://support.microsoft.com/kb/2538243

Link to download files: http://www.microsoft.com/en-us/download/details.aspx?id=26368

Resolution:

Since the computer was running an x64 OS, the customer had installed only the x64 file from the download page. Though the installation looked OK (as per the verbose logs located under the %temp% folder), MBSA would still say that the update was missing.

Going back to the download page, we found three types of installer files: x86, x64 and IA64.

With the OS in this case having an x64 architecture, both the x86 and x64 editions of the Visual C++ redistributables could be installed on the machine. Visual C++ is a commonly used component for various applications, and it is normal to have both the 32-bit and 64-bit runtimes installed on a 64-bit system.

Since the customer had only one version of VC++ installed, they were still being offered KB2538243 for the computer.

We decided to download both the x86 and x64 versions of the VC++ runtime and installed them. Once both were installed, MBSA no longer showed the vulnerability.
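
One way to see which Visual C++ runtime architectures are present on a 64-bit machine before choosing installers from the download page, as an added example that is not part of the original post. The `DisplayName` filter and the use of the two uninstall registry views are assumptions about how the redistributables register themselves.

```powershell
# Added example (not from the original post): list installed Visual C++
# redistributables per architecture on a 64-bit OS.
# Run from 64-bit PowerShell; a 32-bit host is redirected to WOW6432Node
# for both paths and would hide the native x64 entries.
$views = @{
    'x64' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'x86' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

$found = foreach ($view in $views.GetEnumerator()) {
    Get-ItemProperty -Path $view.Value -ErrorAction SilentlyContinue |
        # Assumption: redistributables use this display-name pattern.
        Where-Object { $_.DisplayName -like 'Microsoft Visual C++*Redistributable*' } |
        ForEach-Object {
            # Prefer the architecture tag in the display name;
            # fall back to the registry view the entry was found in.
            $arch = if ($_.DisplayName -match '\b(x86|x64|ia64)\b') {
                $Matches[1].ToLower()
            } else {
                $view.Key
            }
            [pscustomobject]@{
                Architecture = $arch
                DisplayName  = $_.DisplayName
                Version      = $_.DisplayVersion
            }
        }
}

$found | Sort-Object Architecture, DisplayName | Format-Table -AutoSize

# Every architecture listed here needs the matching installer of the update;
# patching only the OS architecture leaves the other runtime unpatched.
$archs = @($found | Select-Object -ExpandProperty Architecture -Unique | Sort-Object)
if ($archs.Count -eq 0) {
    Write-Output 'No Visual C++ redistributables found in either registry view.'
} else {
    Write-Output ("Runtime architectures present: {0}" -f ($archs -join ', '))
    Write-Output 'Install the update package for each architecture listed above.'
}
```

If the output lists both x86 and x64, the situation matches the case above: both installers are needed before MBSA stops reoffering the update.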

 

Content by: Ajith Thomas